icheko/medium-podman-scc.yaml

## medium-podman-scc.yaml
apiVersion: security.openshift.io/v1
metadata:
  name: nonrootbuilder
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowPrivilegeEscalation: true
allowPrivilegedContainer: false
allowedCapabilities: null
defaultAddCapabilities: null
groups: []
kind: SecurityContextConstraints
priority: 5
readOnlyRootFilesystem: false
requiredDropCapabilities:
  - KILL
  - MKNOD
fsGroup:
  type: RunAsAny
runAsUser:
  type: MustRunAs
  uid: 1001
seLinuxContext:
  type: MustRunAs
supplementalGroups:
  type: RunAsAny
users: []
volumes:
  - configMap
  - downwardAPI
  - emptyDir
  - persistentVolumeClaim
  - projected
  - secret
	apiVersion: security.openshift.io/v1
	metadata:
	name: nonrootbuilder
	allowHostDirVolumePlugin: false
	allowHostIPC: false
	allowHostNetwork: false
	allowHostPID: false
	allowHostPorts: false
	allowPrivilegeEscalation: true
	allowPrivilegedContainer: false
	allowedCapabilities: null
	defaultAddCapabilities: null
	groups: []
	kind: SecurityContextConstraints
	priority: 5
	readOnlyRootFilesystem: false
	requiredDropCapabilities:
	- KILL
	- MKNOD
	fsGroup:
	type: RunAsAny
	runAsUser:
	type: MustRunAs
	uid: 1001
	seLinuxContext:
	type: MustRunAs
	supplementalGroups:
	type: RunAsAny
	users: []
	volumes:
	- configMap
	- downwardAPI
	- emptyDir
	- persistentVolumeClaim
	- projected
	- secret